Resilient Security Architecture: A Complementary Approach to Reducing Vulnerabilities

John Diamant

doi:10.1109/MSP.2011.88

Security&Privacy
2011
Issue No. 4 - July-Aug.
Abstract - Resilient Security Architecture: A Complementary Approach to Reducing Vulnerabilities

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by John Diamant

Resilient Security Architecture: A Complementary Approach to Reducing Vulnerabilities

July-Aug. 2011 (vol. 9 no. 4)

pp. 80-84

	ASCII Text	x
	John Diamant, "Resilient Security Architecture: A Complementary Approach to Reducing Vulnerabilities," IEEE Security & Privacy, vol. 9, no. 4, pp. 80-84, July-Aug., 2011.

	BibTex	x
	@article{ 10.1109/MSP.2011.88, author = {John Diamant}, title = {Resilient Security Architecture: A Complementary Approach to Reducing Vulnerabilities}, journal ={IEEE Security & Privacy}, volume = {9}, number = {4}, issn = {1540-7993}, year = {2011}, pages = {80-84}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2011.88}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - Resilient Security Architecture: A Complementary Approach to Reducing Vulnerabilities IS - 4 SN - 1540-7993 SP80 EP84 EPD - 80-84 A1 - John Diamant, PY - 2011 KW - software development KW - HP Comprehensive Applications Threat Analysis KW - W. Edwards Deming KW - security vulnerabilities KW - dynamic application security testing KW - static application security testing KW - security requirements gap analysis KW - architectural threat analysis KW - security quality KW - zero day KW - 0-day KW - security and privacy VL - 9 JA - IEEE Security & Privacy ER -

John Diamant, Hewlett-Packard

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.88

The software industry would be better off with more emphasis on early-lifecycle security—avoiding security mistakes in the first place. That means security requirements analysis and architecting or designing security in, an approach that's rare but that provides substantial benefits.

1. G. Santayana, Reason in Common Sense, Dover, 1980; www.gutenberg.org/files/15000/15000-hvol1.html .
2. D. Hamilton, "HP Adds Early Life Cycle Application Security Analysis to Discover Hidden Weaknesses," Web Host Industry Rev.,11 June 2010; www.thewhir.com/web-hosting-news061110_HP_Unveils_Early_Life_Cycle_Application_Security_Analysis_to_Discover_Hidden_Weaknesses .
3. T. Espiner, "IBM: Public Vulnerabilities Are Tip of the Iceberg," CNET News,1 June 2007; http://news.cnet.com/IBM-Public-vulnerabilities-are-tip-of-the-iceberg 2100-1002_3-6188032.html .
4. B. Boehm, "Industrial Metrics Top 10 List," IEEE Software, vol. 4, no. 5, 1987, pp. 84–85.
5. B. Schneier, Secrets and Lies: Digital Security in a Networked World, John Wiley & Sons, 2000, p. 318.
6. Ike Skelton National Defense Authorization Act for Fiscal Year 2011, HR 6523, US Government Printing Office, 2010; www.gpo.gov/fdsys/pkg/BILLS-111hr6523ih/ pdfBILLS-111hr6523ih.pdf.

Index Terms:

software development, HP Comprehensive Applications Threat Analysis, W. Edwards Deming, security vulnerabilities, dynamic application security testing, static application security testing, security requirements gap analysis, architectural threat analysis, security quality, zero day, 0-day, security and privacy

Citation:

John Diamant, "Resilient Security Architecture: A Complementary Approach to Reducing Vulnerabilities," IEEE Security & Privacy, vol. 9, no. 4, pp. 80-84, July-Aug. 2011, doi:10.1109/MSP.2011.88

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.